Recently I was asked, “how can I avoid the cloud?” The person was concerned about the most recent iCloud celebrity photo incident. Sure, the incident generates some anxiety but should it discourage us from using cloud services? I’m sure there are many others with the same concern so I thought I’d share my thoughts on the subject.
[Cloud Definition – The cloud consists of publicly accessible services delivered over the internet, and may or may not have a monthly fee associated with it. Example cloud services include GMail, Facebook, Instagram, and iCloud. The companies that provide cloud services are referred to as service providers and are ultimately responsible for the security and privacy of your data.]
At this point in time it’s extremely difficult to avoid cloud services because they offer so many conveniences. Let’s face it, the internet and cloud services have significantly impacted our lives and opened up possibilities to connect with our loved ones, form new relationships, introduce new business models, and improve our productivity. These are all positive changes.
The downside is the internet can be a dangerous place that creates new risks that we haven’t imagined. Yes, there are risks associated with the cloud – your data can be hacked and posted for all to see, service providers can sell your data to insurance companies and impact your ability to obtain coverage. These are real possibilities and there isn’t a lot you can do about it once you hit the send button to upload your data – the service provider has all of the control at that point.
So what do we do? Sticking our head in the sand and ignoring cloud services is not an option. The key is using cloud services in a thoughtful way and making informed decisions when engaging with cloud providers. Thoughtful use of cloud services focuses on basic security measures to reduce risk. Below are basic steps we can take to manage risk when using cloud services.
- Use reasonably complex passwords (e.g., h1ghcl0ud ) that are easy to remember
- Keep your password to yourself – don’t share!
- Change your password periodically – preferably every 3-4 months
- Use different passwords for extremely sensitive sites such as online banking
- Sign up for additional password options when they are available. For example, Google will text you a pin that must be used with your password during login. This adds a layer of security and guards against someone obtaining your password.
- Avoid public Wi-Fi networks – casual browsing is okay but don’t access services that require your password
- Know which Wi-Fi network you are connecting to – HyattHotel or HyattGuest – Which one is hosted by a hacker looking to get your login information? Ask the hotel staff to ensure you know which network is valid.
- Use reasonably complex passwords to protect your home wireless networks
- Change your home wireless network password periodically
- Ensure all communication is encrypted
- Be aware of the software you download (see Clueful to understand privacy considerations). Some software transmits information from your device to the internet.
- Use a password/pin to protect your mobile device
- Avoid saving your password in the browser – don’t allow sites to save password or user ID
- Clear browser cache periodically (select this link for instructions)
- Avoid using public computers to access cloud services. If you have no choice, clearing the cache (previous point) is a must.
- Avoid “saving” payment information on web sites. Yes, this is a convenience but also places you more at risk. There are some services (e.g., iTunes) where this is unavoidable. See the next point for these scenarios.
- Avoid using debit cards or checking accounts for payments. Use a credit card from an institution that has good fraud protection policies in place. This will limit your risk if your payment information is exposed.
Performing these steps will reduce the risk that’s within your control. The risk that’s out of your control rests with the service provider (e.g., Apple, Google, Instagram, etc.). Most of these companies have reasonable security controls in place because breaches can adversely impact their reputation and ultimately revenue.
We must take it upon ourselves to be informed consumers of cloud services – it’s our data at stake. We must understand who these companies are before we give our data to them. Is the company reputable? Do they handle your data properly? What’s their security and privacy track record? Admittedly, there is no easy way for the consumer to do this research today. Reference sites such as Consumer Affairs Privacy may be able to help.
Hopefully this has given you some insight to using cloud services responsibly. In today’s society avoiding the cloud isn’t a practical option. Becoming a smart consumer and using the suggestions above is your best path to reducing your risk. I’ll continue to share thoughts on this topic in the future. Stay tuned!